ByteOS Network

NVD Vulnerability Details :

CVE-2021-3991

Analyzed

Source-security@huntr.dev

Published At-15 Nov, 2024 | 11:15

Updated At-19 Nov, 2024 | 15:31

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Secondary	3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Type: Primary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CPE Matches

Dolibarr ERP & CRM

>>dolibarr_erp\/crm>>Versions before 20.0.2(exclusive)

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-639	Primary	nvd@nist.gov
CWE-285	Secondary	security@huntr.dev

CWE ID: CWE-639

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-285

Type: Secondary

Source: security@huntr.dev

References

Hyperlink	Source	Resource
https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f	security@huntr.dev	Patch
https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67	security@huntr.dev	Third Party Advisory

Hyperlink: https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f

Source: security@huntr.dev

Resource:

Patch

Hyperlink: https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67

Source: security@huntr.dev

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History